Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.nifi/nifi-jms-bundle@1.12.1
Type maven
Namespace org.apache.nifi
Name nifi-jms-bundle
Version 1.12.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.22.0
Latest_non_vulnerable_version 1.22.0
Affected_by_vulnerabilities
0
url VCID-ncm3-587h-kuey
vulnerability_id VCID-ncm3-587h-kuey
summary
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location.

The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.

You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
reference_id
reference_type
scores
0
value 0.00779
scoring_system epss
scoring_elements 0.7419
published_at 2026-06-12T12:55:00Z
1
value 0.00779
scoring_system epss
scoring_elements 0.74117
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34212
1
reference_url https://github.com/apache/nifi
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi
2
reference_url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/commit/3fcb82ee4509d1ad73893d8dca003be6d086c5d6
3
reference_url https://github.com/apache/nifi/pull/7313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/nifi/pull/7313
4
reference_url https://issues.apache.org/jira/browse/NIFI-11614
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/NIFI-11614
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34212
6
reference_url http://www.openwall.com/lists/oss-security/2023/06/12/2
reference_id 2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url http://www.openwall.com/lists/oss-security/2023/06/12/2
7
reference_url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
reference_id GHSA-65wh-g8x8-gm2h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65wh-g8x8-gm2h
8
reference_url https://nifi.apache.org/security.html#CVE-2023-34212
reference_id security.html#CVE-2023-34212
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://nifi.apache.org/security.html#CVE-2023-34212
9
reference_url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_id w5rm46fxmvxy216tglf0dv83wo6gnzr5
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T13:37:27Z/
url https://lists.apache.org/thread/w5rm46fxmvxy216tglf0dv83wo6gnzr5
fixed_packages
0
url pkg:maven/org.apache.nifi/nifi-jms-bundle@1.22.0
purl pkg:maven/org.apache.nifi/nifi-jms-bundle@1.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-bundle@1.22.0
aliases CVE-2023-34212, GHSA-65wh-g8x8-gm2h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncm3-587h-kuey
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.nifi/nifi-jms-bundle@1.12.1